What are the personal data more often used?


How to define personal data?

Personal data could be defined as “an identifiable natural person identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” according to the 4th article of the General Data Protection Regulation.

When you use mobile apps, connected objects or online services, many digital data are registered. These data allow companies to know you, and your habits, in a very detailed way : your buying habits, your favorite websites, your daily life, your health status, etc. But from now on, all of the digital actors have to respect some rules and limits in order to regain your trust.

Recent scandals related to the theft of personal data raised many questions about the collection, and especially about the reuse of this information. Some companies, in an almost monopoly position, have a monetized management of the personal data. They gave the opportunity (by renting the data base, for example) to advertisers to make very targeted and intrusive ads.

The GDPR implementation brings a new structure in the relation between individuals and companies. This structure will clean up all the interactions. It will be effective thanks to some main principles of the GDPR : data minimization and update done by the data protection officer, or the transparency in your data management by the companies and administrations.

What are personal data more often collected for?

Now you know that many of your personal data are reused by companies, but it’s hard, still today, to identify them.

Data which are collected by social networks or search engines all have an advertising advantage. You feel more and more concerned about the privacy and the data protection. The trust you give depends on the company : according to a CSA 2017 study, more than 50% trust the banking sector for personal data management against only 10% trusting social networks.

More often personal data collected are:

  • Demographic data: name, last name, age, gender, marital status…
  • Behavioural data: buying habits, visited websites, average duration of the session…
  • Interests: favorite sport, political opinion, DIY-friendly…
  • Internet navigation data: used device, localization, phone number, IMEI number (International Mobile Equipment Identity)

The personal data collection, as a massive and systematic one, called Big Data, will soon be over. In fact, the GDPR implementation (May 25, 2018) imposes the « data minimization ». Any company, or administration, will likely be required to collect “adequate, relevant and limited” data “to what is necessary in relation to the purposes for which they are processed” (art. 5).

The transparency is also a milestone principle in the GDPR. The data management will finally be clear and precise. All the data will be sent “in a concise, transparent, intelligible and easily accessible form” (art. 12) by companies and administrations.

With the transparency principle, companies and administration have to provide (art. 13) :

  • the identity and the contact details of the controller
  • the purposes of the processing
  • the period for which the personal data will be stored
  • the existence of the right to request from the controller access to and rectification or erasure of personal data
  • the existence of the right to request from the controller access to and rectification or erasure of personal data
  • Etc.

All the information could be provided exercising your right of access. The Fair&Smart platform simplifies this exercise of the right of access for any individuals. From now on, the transparency of digital services will be more favoured.